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Amendments to the Claims 

This listing of the claims will replace all prior versions, and listings of claims in the 
application. Please add new claims 34 and 35. 

Listing of Claims: 

1. (previously presented) A system arranged to provide a gatev^ay between a 
first netv^ork and a second network, the system comprising: 

interface means to receive from the first network a message intended for 
an object in the second network, the message including an identifier for a further 
object in either the first or second network; 

means to generate further interface means for receiving from the second 
network messages for the further object; 

means to form a new identifier for the further interface means, the new 
identifier including check data resulting from a hash operation for checking the 
validity of the or at least part of the new identifier; 

means to replace the received identifier with the new identifier in the 
message; and 

means to forward the message to the object in the second network. 

2. (original) A system according to claim 1, wherein the new identifier includes 
information to enable subsequent recovery by the system of the received 
identifier. 

3. (original) A system according to claim 2, wherein the new identifier includes a 
representation of the received identifier. 

4. (original) A system according to claim 2, wherein the new identifier includes 
an indication of the identity of the received identifier and the system includes 
means to associate said indication with said received identifier. 

5. (previously presented) A system according to claim 1, comprising means to 
include in the new identifier a name tag to identify the interface means. 
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7. (previously presented) A system according to claim 1, wherein the check data 
further comprises a secret. 

8. (previously presented) A system according to claim 1, comprising means to 
include in the new identifier an indication that the received identifier was 
received in an message from the first (or second) network. 

9. (original) A system according to claim 1, comprising means to determine 
whether the received identifier originated from the first network or the second 
network. 

10. (original) A system according to claim 9, comprising means to form the new 
identifier on the basis of the determined origin. 

11. (original) A system according to claim 10, wherein, if the received identifier 
originated in the first network, the means to form the new identifier forms a new 
identifier including information to enable subsequent recovery by the system of 
the received identifier. 

12. (original) A system according to claim 10, wherein, if the received identifier 
originated in the second network, having passed through the system from the 
second network to the first network, the means to form the new identifier forms 
a new identifier comprising an original identifier recovered from information 
included in the received identifier. 

13. (original) A system according to claim 10, wherein, if the received identifier 
originated in the first network, having passed through the system from the first 
network to the second network and having passed back to the first network other 
than through the system, the means to form the new identifier forms the new 
identifier as a copy of the received identifier. 
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14. Coriginal) A system according to claim 1, comprising means to detect a name 
tag in the message. 

15. (original) A system according to claim 14, comprising means to determine on 
the basis of the name tag whether the object in the second network is valid and is 
still available to receive messages. 

16. (original) A system according to claim 15, wherein the means to determine 
initiates a call to a naming service, the naming service being configurable by an 
authorised party by adding or removing name tags, and the presence or absence 
of a name tag being indicative of whether the object associated with the name tag 
is available or not respectively. 

17. (original) A system according to claim 1, comprising means to verify the 
received identifier. 

18. (original) A system according to claim 17, wherein identifier includes check 
data to enable verification of the received identifier. ^ 

19. (original) A system according to claim 18, wherein the check data is the result 
of a hash operation enacted on at least part of the identifier and a secret, and the 
means to verify the received identifier is configured to enact a similar hash 
operation on the same part of the identifier and a secret and compare the 
resulting check data with the received check data. 

20. (original) A system according to claim 19, wherein the secret is stored by and 
only accessible by the gateway. 

21. (original) A system according to claim 1, wherein the means to generate the 
further interface means comprises means to determine on the basis of the 
received identifier whether a template for an appropriate further interface means 
is already known to the system. 
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22. (original) A system according to claim 21, wherein the means to generate the 
further interface means comprises means, which is operable in the event an 
appropriate template is not known to the system, to obtain an appropriate 
template from a remote repository. 

23. (previously presented) A system according to claim 21, wherein the means to 
generate the further interface means comprises means, which is operable in the 
event no appropriate template is known to the system and /or an appropriate 
template is not recoverable from a remote repository, to obtain a generic 
template. 

24. (previously presented) A system according to claim 21, wherein the means to 
generate the further interface is arranged to at least obtain a template for the 
further interface means on or after receipt of the received identifier and in 
advance of receipt of a message for the further object. 

25. (previously presented) A system according to claim 1 configured for 
operation in a trusted operating system. 

26. (original) A system according to claim 25, wherein the trusted operating 
system enforces Mandatory Access Control. 

27. (original) A system according to claim 26, comprising at least two logical 
compartments and a trusted relay process that has privileges necessary to pass 
messages between the two compartments, wherein the first network and the 
respective interface means are associated with a first compartment and the 
second network is associated with a second compartment. 

28. (previously presented) A system according to claim 26, wherein a secret, 
usable by the system in a hash operation for validating object references, is 
associated with a third compartment, and wherein only the trusted relay process 
has the privileges necessary to retrieve the secret from the further compartment 
in order to enact a hash operation. 
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29. (original) A system according to claim 1, wherein the received identifier is an 
Interoperable Object Reference having the form IOR[host: port: key]. 

30. (previously presented) A system according to claim 1, wherein the new 
identifier is an Interoperable Object Reference having the form IOR[host x: port 
x: key x], wherein key x includes information to enable subsequent recovery by 
the system of the received identifier. 

31. (original) A system according to claim 30, wherein key x includes a 
representation of the received object reference IOR[host i: port i: key i]. 

32. (previously presented) A system according to claim 30, wherein key x 
includes: 

an identifier to indicate from which network the object reference 
originated; 

a name tag associated with an identity of the gateway process; and 
check data for verifying the validity of the object reference. 

33. (previously presented) A method of controlling a gateway to pass messages 
for objects between first and second networks attached to the gateway, the 
method comprising the steps of: 

receiving from the first network a message for an object in the second 
network, the message including an identifier for a further object in either the first 
or second network; 

generating means to receive messages for the further object; 

forming a new identifier for the means to receive messages for the further 
object, the new identifier including check data resulting from a hash operation 
for checking the validity of the or at least part of the new identifier; 

replacing the received identifier with the new identifier in the message; 

and 

forwarding the message to the object in the second network. 
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34 (new): The system according to Claim 1, wherein the further interface means 
corresponds to the further object and the further interface means is generated 
only when or after the message including the identifier for the further object is 
received. 

35 (new): The method of claim 33, wherein the further interface means 
corresponds to the further object and the further interface means is generated 
only when or after the message including the identifier for the further object is 
received. 



